Face to Face: A Conversation with Mark Metz

The publisher of online city guides talks about his campaign to rid the Internet of piracy and rates congressional efforts to clean up on-line activity.

Q. Why did you start stoppiracynow.org?

A. The Internet is still a fairly lawless place. It certainly started out a completely lawless place, with no one held accountable for anything. As a leader in the industry and constantly trailblazing new ground, we had other people coming along and saying, "That's a neat idea, I'll just take it." Our business is being taken right out from under us essentially and we've had to fight back in court And now, with stoppiracynow.org, we'll donate to anti-piracy efforts and we'll do our best as well to educate people on what's going on. That's the first step.

Q. How do you define piracy in the Internet space?

A. Piracy is essentially taking over someone else's resources. Robbery on the open seas, during the old days, meant seizing control of somebody else's ship and property while they were trying to engage in commerce. I'm pushing for the broadest possible definition of [online] piracy I would say anytime you commandeer somebody else's resources for your own gain without compensating them on the open network, like the open seas, you're engaging in an act of digital piracy.

Identity theft, for example, is commandeering someone else's identity; that's an easy one to understand. That feels like piracy. Taking somebody's software. Taking somebody's brand name, where people do what's called typo-squatting or domain hijacking, where they pretend to be somebody else... It's also called "phishing." That's where basically you receive an e-mail and it says it's from PayPal or Ebay and it says your last transaction didn't go through, so click here and type in your credit card information so we can complete the transaction. Somebody has stolen the logo, and maybe they have done a typo-squat where they use a domain name that's been misspelled, but very similar. And so you fill out the thing and you think you're corresponding with your financial institution, or with PayPal, and instead you've just handed a pirate your Social Security number.

Q. What about spam?

A. Spam is a form of piracy Spam e-mail pirates the bandwidth of the Internet. It pirates the server resources of the system administrator at your company, and all the ISPs [Internet service providers] like AOL, have to deal with the fact that almost 50 percent of the mail flowing through their servers is junk. And your [employee] has to sit there and hit the delete key all day long. That's their time. That's worth something. And it's their employer's money.

Spam costs spammers nothing to pull all these resources out of society. So to me it's piracy. If you look at it broadly, it's a huge problem.

Q. What is mousetrapping?

A. That's where they disable the "back" button on your Internet browser. So, for example, you're in a search engine, you click on a Web site, you click "back," and you expect to go back to the search engine. What they do with mousetrapping is you click "back" and it just forwards you to the same Web site or it opens up dozens of new windows each time you try to close one. So you literally can't get out of the porn site or whatever it is you've stumbled upon

Q. This seems like a massive challenge to control. Where do you start? Maybe building on the e-mail spam law that just got through Congress?

A. You could really call that the "The Bulk [E-]Mail Legitimization Act." Even though it's far from perfect, I'm all for it. I'm glad they did it, so don't get me wrong. I'm just objectively pointing out the weaknesses in it. The law sets up rules whereby you can send e-mail, bulk e-mail, as a legitimate marketer and if you follow these rules, it's OK.

The law, however, has a very important pre-emption provision. California had a law, for instance, taking effect Jan. 1, that was draconian. You could send out what you thought was a legitimate e-mail newsletter, have it contain an advertisement from a third party that didn't have a relationship with the recipient of the newsletter, and be liable for $1 million in civil damages. And in California, as you know, there are enough lawyers that would be gunning for deep pockets. So [the provision in the federal law] is very important, and people were pushing for a federal law to pre-empt 37 state laws that were out there. But, unfortunately, the federal law is weaker than most of the state laws.

It says that if you follow this set of rules, it's legitimate for you to send mail out. If you break the rules, if you send a deceptive header or a deceptive return mail address, it's a penalty of up to five years in jail. That's the great part. I'm thrilled about that. For the first time, at the federal level, someone is making the statement that this is criminal activity and we are going to call it that.

The Federal Trade Commission has always had the power to enforce laws against scams, and they have, actually. But the e-mail situation is a flood and the FTC has not been able to keep up. It's extremely difficult for them to track down the actual perpetrator.

So Sen. John McCain introduced an amendment that I call the "follow the money" provision I thought that was very important because the only way they are going to be able to stop fraudulent spam is to follow the money. Somebody is paying a commission to send out this spam

Q. So why is California's approach wrong?

A. The California legislation did a good thing that wasn't done right. It essentially set up a system, similar to the fax law, where you could go out and recover damages from spam The problem was it was going to set up this vigilante force of opportunistic attorneys that were just going to go after legitimate companies because legitimate companies can be found All that was going to happen was that legitimate companies sending out legitimate marketing messages were going to get targeted by rapacious attorneys

The kid working from the basement of his mother's house in Buffalo will still be sending out 60 million spam messages to get 10 responses to make 10 sales, while everyone else is wasting all this time sorting out the junk.

Q. But if spam gets such a low response, why is there so much? The impression it gives is that it works.

A. Because it's the numbers game. If you send out 60 million pieces of spam, even if 50 million get filtered, 10 million will get out there And that's not all of the problem. The economics have shifted (from the days when virus writers simply focused on pranks) and now the virus writers are writing viruses that take over your computer.

So you go home, you log on, underneath the hood, unbeknownst to you, with no indication whatsoever, someone has taken over your computer as a spam relay because you clicked on a link that you thought was something else and it took you to this site. Then it installs a program that is running behind the scenes and it hides itself, so you have no idea it's running, and it doesn't interfere with your computer other that maybe it is running a little slower and you don't know why, the spammer basically broadcasts all of their spam out across tens of thousands of computers that have been taken over in this way.

So when AOL wants to block spam, the first thing they do is to say, "Well it all comes from this account that started yesterday. Well that's easy. We'll just shut that account down because a million e-mails just came from that account." But the spammers, once again two steps ahead of everyone technologically, have formed an unholy alliance with the hackers and the spyware people and started to essentially hijack all these computers out there.

My computer, your computer, unless you sweep for it regularly, could be used by a spammer. The spammer instead of sending a million e-mails from one computer, which is easy to spot, they send 100 emails from 10,000 computers and get the same effect.

Q. You mentioned spyware, what is that?

A. Spyware is the worst. It's destroying my business. It usually starts when you go to what appears to be a legitimate site and download a legitimate program. It could be a program to store credit card information so you don't have to re-enter it every time, or a program that updates the weather. What spyware companies do is they sneak in another program underneath the hood so you install the weather program thinking that you're getting this neat weather application. And you are. You're getting a legitimate program, but the cost of getting this "free" program is that they install this piece of spyware behind it. And the spyware sits there watching what you're doing. And they make money because you're surfing the Web sites and you're looking at a specific topic, say travel, and all of a sudden an ad for a travel company pops up. You think it's coming from the Web site you're looking at, but in fact it's coming from the spyware that you installed without realizing.

Q. This all sounds really cloak and dagger.

A. It is. It's completely lawless. And I applaud Congress for taking the first steps, but they have a long way to go

Q. Sounds like there has to be a mind-set change.

A. Absolutely. When I was setting up stoppiracynow, I really looked at all the information sites out there. Some of the best sites actually have a pro-piracy bent They talk a lot about privacy, fantastic privacy advocates, but they treat the piracy issue like a privacy issue and say in the privacy of your own home you should be able to steal songs and here's how you should do it The stories that don't get as much drama are the successes. [One] university has struck a deal now where students can install Napster legitimately and [the university] has bought a bulk song license from the music industry. So now, as a student, you can swap songs under the university's license This does start to show the shift.

And this is where all that education is going to have to come in. You're going to have to educate people about why this stuff is bad. And it does affect the consumer in the long run. In the short run you downloaded a song for free that you would have had to buy a disc for $17 or $20 But the consumer ultimately is punished, because year after year music is going to become more corporate, more homogenized. The quality of art kids supposedly love is going to go down because artists are going to stop producing. It's an inevitable economic fact.

Other acts of piracy, like e-mail spam, search engine spam, identity theft, spyware and phishing, all undermine the credibility of the Internet, increasingly making it difficult or just plain frightening to use Studies have already started to document an effect where a segment of the population has just "logged off" and stopped using the Internet. And responsible parents dare not let their children use the Internet unsupervised or without special software to try to protect them. Left unchecked, piracy will ruin the Internet for all of us.

Q. Boca Raton has a reputation for being the spam capital of the world.

A. It does, and I think it's a fair statement.

Q. Is there anything the state can do?

A. The states are supposed to be the laboratory for laws. I think there's a lot to be said for that. Obviously a state that has some of the worst problems should be the state that sticks its neck out and solves the problem.

But California went so far over the line. It went bananas. The California law would have made it impossible to send a regular marketing e-mail. Florida has to watch out and not do something so draconian that it hurts legitimate business. For Boca Raton to be known as the spam capital of the world in a state that wants to attract high-tech businesses is a shame

Florida should really try to get out ahead If New York Attorney General Eliot Spitzer gets a reputation as the guy that cleans up the finance industry, well, that makes sense because Wall Street is in his back yard. If we've got the Boca people in our back yard then Florida should make its specialty cleaning up that kind of thing

Q. How much international cooperation is required?

A. One of the fascinating things we had to deal with is that someone from Uzbekistan tried to break in and steal some of our domain names. We never verified they were in Uzbekistan. I suspect they were in Amsterdam, and put in an address from Uzbekistan. But when you log in one morning and find your domain has been re-registered to an entity in Uzbekistan, you see this isn't only an in-America problem. As the regulatory and legislative environment starts to clamp down [in the United States] then people will move this overseas. It's inevitable.

This cannot be done in a vacuum. But we've seen that nations that want to be serious about taming the Wild West can This is one area where countries can cooperate and get something accomplished that is in everyone's interest.

BACKGROUND

Mark Metz, founder of MetroGuide.com Inc., Hollywood publisher of online, worldwide city guides, is on a crusade to raise awareness of misbehavior on the Internet. He fears the "Wild West" attitude reigning online will damage the trust and confidence among ordinary people. If that happens, he insists, legitimate businesses will suffer.

But before anything changes, Metz argues, people need to know dangers exist. That's the first step toward finding workable solutions. And that's why he has started the advocacy site StopPiracyNow.org.